Pear_Auth_LDAP with TLS. A working example
If you ever had to struggle with Pear Auth and its LDAP plugin (PHP) against an LDAP server protected by TLS here is a working example.
At first it's wise to check if the system is well configured to perform connection to an ldap server
This short code comes in help:
$ldap="ldaps://example.com:PORT"; $usr="cn=admin,dc=example,dc=com"; $pwd="PASSWORD"; $ds=ldap_connect($ldap); $ldapbind=false; if(ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) if(ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) // if(ldap_start_tls($ds)) you can try this but probably it will fail saying that TLS can't be started. Not a big deal $ldapbind = @ldap_bind($ds, $usr, $pwd); ldap_close($ds); echo $ldapbind ? "OK" : "ERROR"
If you get "ERROR" probably there is something wrong somewhere in your system.
If you get OK let's move on the working example for PEAR Auth
To make it short, forget about the host, port and start_tls parameters. I wasted a lot of time 'cause of them. Use just these:
url = "ldaps://example.com:PORT" version = 3 binddn = "cn=admin,dc=example,dc=com" bindpw = "PASSWORD" referrals = "true" basedn = "ou=users,o=company,dc=example,dc=com" userattr = "uid" userscope = "one" userfilter = "(objectClass=inetOrgPerson)" enableLogging = "true" debug = "true" attrformat = "LDAP"
Don't forget to set the userfilter parameter!!